diff options
| author | Vinicius Coque <vinicius.coque@bluepex.com> | 2010-12-14 09:56:34 -0200 |
|---|---|---|
| committer | Vinicius Coque <vinicius.coque@bluepex.com> | 2010-12-14 09:56:34 -0200 |
| commit | c92ccac76ff2938c5718440efdd846317f6a2d55 (patch) | |
| tree | 1dd190505af25191f0289552a155732d7432da58 /etc/inc/openvpn.inc | |
| parent | 386447eaa7cfe727678455955285b1ecd4e6e9f9 (diff) | |
| parent | c9b08a50f0ba328ac0569247eb2063d34f7e6279 (diff) | |
| download | pfsense-c92ccac76ff2938c5718440efdd846317f6a2d55.zip pfsense-c92ccac76ff2938c5718440efdd846317f6a2d55.tar.gz | |
Merge remote branch 'mainline/master' into inc
Conflicts:
etc/inc/auth.inc
etc/inc/config.lib.inc
etc/inc/filter.inc
etc/inc/gwlb.inc
etc/inc/interfaces.inc
etc/inc/pfsense-utils.inc
etc/inc/pkg-utils.inc
etc/inc/shaper.inc
etc/inc/upgrade_config.inc
etc/inc/xmlparse.inc
usr/local/www/fbegin.inc
Diffstat (limited to 'etc/inc/openvpn.inc')
| -rw-r--r-- | etc/inc/openvpn.inc | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 5e607a8..5dc0233 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -393,8 +393,9 @@ function openvpn_reconfigure($mode,& $settings) { $sed .= "\"{$authcfg}\""; } $sed .= ");\\\n"; - if (isset($settings['strictusercn'])) + if ($settings['strictusercn']) $sed .= "\$strictusercn = true;"; + $sed .= " \$modeid = \"{$mode_id}\";"; mwexec("/bin/cat /etc/inc/openvpn.auth-user.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php"); mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php"); $conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n"; @@ -445,19 +446,19 @@ function openvpn_reconfigure($mode,& $settings) { break; } - // The port we'll listen at - // If local_port is used, bind the management port - if ($settings['local_port']) { + // If there is no bind option at all (ip and/or port), add "nobind" directive + // Otherwise, use the local port if defined, failing that, use lport 0 to + // ensure a random source port. + if ((empty($iface_ip)) && (!$settings['local_port'])) + $conf .= "nobind\n"; + elseif ($settings['local_port']) $conf .= "lport {$settings['local_port']}\n"; - } + else + $conf .= "lport 0\n"; + // Use unix socket to overcome the problem on any type of server $conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n"; - // If there is no bind option at all (ip and/or port), add "nobind" directive - if ((empty($iface_ip)) && (!$settings['local_port'])) { - $conf .= "nobind\n"; - } - // The remote server $conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n"; @@ -576,7 +577,9 @@ function openvpn_restart($mode, & $settings) { /* start the new process */ $fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf"; mwexec_bg("nohup openvpn --config {$fpath}"); - send_event("filter reload"); + + if (!$g['booting']) + send_event("filter reload"); } function openvpn_delete($mode, & $settings) { |
